Merge "Allow shell to read /vendor/apex/*" into sc-dev
diff --git a/prebuilts/api/31.0/private/shell.te b/prebuilts/api/31.0/private/shell.te
index 1dda977..40b19fd 100644
--- a/prebuilts/api/31.0/private/shell.te
+++ b/prebuilts/api/31.0/private/shell.te
@@ -114,8 +114,10 @@
allow shell self:perf_event { open read write kernel };
neverallow shell self:perf_event ~{ open read write kernel };
-# Allow shell to read /apex/apex-info-list.xml
+# Allow shell to read /apex/apex-info-list.xml and the vendor apexes
allow shell apex_info_file:file r_file_perms;
+allow shell vendor_apex_file:file r_file_perms;
+allow shell vendor_apex_file:dir r_dir_perms;
# Set properties.
set_prop(shell, shell_prop)
diff --git a/private/shell.te b/private/shell.te
index 1dda977..40b19fd 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -114,8 +114,10 @@
allow shell self:perf_event { open read write kernel };
neverallow shell self:perf_event ~{ open read write kernel };
-# Allow shell to read /apex/apex-info-list.xml
+# Allow shell to read /apex/apex-info-list.xml and the vendor apexes
allow shell apex_info_file:file r_file_perms;
+allow shell vendor_apex_file:file r_file_perms;
+allow shell vendor_apex_file:dir r_dir_perms;
# Set properties.
set_prop(shell, shell_prop)